The OASIS XACML standard emerged as a pure declarative language allowing to express access control. Later, it was enriched with the concept of obligations which must be carried out when the access is granted or denied. In our previous work, we presented U-XACML, an extension of XACML that allows to express Usage Control (UCON). In this paper we propose an architecture for the enforcement of U-X...

XACML is apparently the most convenient way to express attribute-based access control policies. Though XACML has been used in several access control areas, processing XACML policies for attribute-based database access control still has not been studied in depth. In this work we compile XACML policies, and utilize the underlying database access mechanisms such as ACLs to protect sensitive data. ...

As a new generation access control method, Attribute-Based Access Control (ABAC) has gained increasing attention. Currently, Balana is the only open-source implementations of XACML 3.0, which is an OASIS standard for specifying ABAC. Considering that XACML is much more complex than traditional access control models, conformance testing of any XACML implementation is an important problem. Using ...

Most prior research on policies has focused on correctness. While correctness is an important issue, the adoption of policybased computing may be limited if the resulting systems are not implemented efficiently and thus perform poorly. To increase the effectiveness and adoption of policy-based computing, in this paper, we propose fast policy evaluation algorithms that can be adapted to support ...

Title of dissertation: A LOGIC-BASED FRAMEWORK FOR WEB ACCESS CONTROL POLICIES Vladimir Kolovski, Doctor of Philosophy, 2008 Dissertation directed by: Professor James Hendler Department of Computer Science With the widespread use of web services, there is a need for adequate security and privacy support to protect the sensitive information these services could provide. As a result, there has be...

The eXtensible Access Control Markup Language (XACML) has attracted significant attention from both industry and academia, and has become the de facto standard for the specification of access control policies. However, its XML-based verbose syntax and rich set of constructs make the authoring of XACML policies difficult and error-prone. Several automated tools have been proposed to analyze XACM...

The report discusses our experiences of using two OASIS Web service standards; namely eXtensible Access Control Mark-up Language which abbreviates to (XACML) and Security Assertion Mark-up Language or SAML as it is commonly known. Within the domain of the GOLD project we have combined these two standards to offer single login mechanisms, including a simple protocol for enabling the crossing of ...

Aplikasi Sistem Informasi Aparatur Sipil Negara adalah aplikasi yang mengelola selu- ruh tahapan manajemen kepagawaian aparatur sipil negara, sejalan dengan perkembangan teknologi dan kebutuhan negara akan data digital, maka perlu dilakukan pengembangan. terdapat 18 pengembangan salah satunya pada fungsi user. Adapun permasalahan ada tersebut yaitu user memiliki role cukup banyak, dimana 1 bisa...

XeNA is a new model for the negotiation of access within an extended eXtensible Access Control Markup Language (XACML) architecture. We bring together trust management through a negotiation process and access control management within the same architecture. The negotiation process based on resource classification methodology occurs before the access control management. A negotiation module at t...

In this paper we describe how we have added support for dynamic delegation of authority that is enacted via the issuing of credentials from one user to another, to the XACML model for authorisation decision making. Initially we present the problems and requirements that such a model demands, considering that multiple domains will typically be involved. We then describe our architected solution ...